Upload
educause
View
222
Download
0
Embed Size (px)
Citation preview
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 1/27
Information Security and Records ManagemeAre they a good marriage?
EDUCAUSE SPC May 20!
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 2/27
Theresa SemmensNDSU CISO
Kathy KimballUniversity of Virginia CISO
Caroline WaltersUniversity of Virginia University RecordsOcer
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 3/27
Records Management
Information Security
!istorically" in order to s#cceed in the role of CISO" strongs$ills have been re%#ired& ' c#rrent trend is to meldmanagerial(b#siness)oriented roles" s#ch as records man
#nder the CISO& Trends that blend more than one f#nctionrecords management and information sec#rity are *rovo$among sec#rity *rofessionals +ho are concerned that infosec#rity is no longer a *rimary foc#s& The University of ViNDSU have combined these roles #nder the Information SOce& This interactive *resentation +ill *rovide t+o di,einstit#tional *ers*ectives on ho+ it +or$s and ho+ it can
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 4/27
-oll %#estions coming soon.
•
/or Smart *hones• '#dience can res*ond by
te0ting S-C1234R5 to67827 to 9oin the session
• /or la*to*s and tablets
• To 9oin the session
'#dience can res*-oll:v&com(s*c123
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 5/27
-oll ;#estion
•
Records 5anagement can cohabitate *eacef#lly Information Sec#rity
'& <es
=& No
C& 5aybe
D& No Cl#e
-oll:v&com(s*c1234rm or te0t S-C1234R5 to 67827
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 6/27
What is records management>
•
ISO 34?@A)3 deBnes records management as thof management res*onsible for the ecient andsystematic control of the creation" recei*t"maintenance" #se and dis*osition of records" incthe *rocesses for ca*t#ring and maintaining evidand information abo#t b#siness activities andtransactions in the form of records
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 7/27
What is a record>
•
ISO 34?@A deBnes record deBnition as informacreated" received" and maintained as evidence ainformation by an organiation or *erson" in *#rof legal obligations or in the transaction of b#sin
• Sim*le deBnitionE records are Fall boo$s" *a*ers"
*hotogra*hs" machine readable materials" or othdoc#mentary materials" regardless of *hysical focharacteristics" made or received by a #niversity
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 8/27
What is information sec#rity>
• The *rocesses and methodologies +hare designed and im*lemented to *ro*rint" electronic" or any other form ofconBdential" *rivate and sensitiveinformation
or data from #na#thoriedaccess" #se" mis#se" disclos#re"destr#ction" modiBcation" or disr#*tio
• G htt*E((+++&sans&org(information)sec#
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 9/27
University of Virginia
•
!istory• -osition descri*tion and res*onsibilities
• Re*orting Str#ct#re
• S$ills" ed#cation" certiBcation and talents for• CISO
• University Records Ocer
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 10/27
University of Virginia
•
Information Sec#rity became concern in 3AAA H3• =y 122@ had gro+n to 8 /T: and incl#ded IT *oli
• 122@ Records 5anagement -rocess Sim*liBcatio-ro9ect
• 5oved Records 5anagement from Jibrary to Informat
Sec#rity• Records Ocer *osition created
• /#nded the *rogram
• 122A 'dditional /T: hired in Records 5anageme
• 1234 'dditional /T: hired in Records 5anageme
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 11/27
Why Is Records 5anagement UnSec#rity>•
-rocess Sim*liBcation -ro9ect felt the follo+ing c+ere critical in determining in +hich #nit Record5anagement sho#ld resideE
• =readth of Unit /#nction H=oth 'dministrative and 'c
• Com*atibility of Records 5anagement +ith the #nit m
•
C#stomer service orientation• Reg#latory and Com*liance role
• Reso#rces for both technical and administrative s#**Records 5anagement
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 12/27
Why Sec#rity HContin#ed
•
Records 5anagement co#ld *otentially o#rish in#mber of areasE• Jibrary =ased on the criteria" -ro9ect Team felt there
ins#cient reg#latory and com*liance res*onsibility in the missionL mission some+hat at odds +ith datadestr#ction em*hasis& Recommended library remain
res*onsible for 'rchival f#nctions• /inancial 'dministration(=#siness O*erations Strong
com*liance f#nction" c#stomer foc#s& /elt reven#e geem*hasis might be at odds +here Records 5anagemconcerned& ' good candidate if less need for electrontechnical e0*ertise and g#idance is deemed a**ro*ri
• CIO(Sec#rit Re #lator and Com liance(-olic role
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 13/27
Records 5anagement Iss#es at
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 14/27
UV' CISO
•
Develo*s" im*lements" enhances and oversees informsec#rity and *rivacy *olicies and sec#rity of the Univediverse and decentralied com*#ting environment
• Incl#des overall res*onsibility for assessing" monitoring" anim*roving the sec#rity of the University of VirginiaMs com*#systems" net+or$s" and data
•
Wor$s in *artnershi* +ith #nits and individ#als across#niversity to form#late *olicies and to assess sec#rity
• Investigates and coordinates res*onse to sec#rity inci
• -rovides o*erational management of the Information -olicy" and Records Oce
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 15/27
UV' Records Ocer
•
/ormally a**ointed as Records Ocer to JibraryVirginia *er Virginia -#blic Records 'ct" res*onsiincl#deE
• Com*liance +ith the Virginia -#blic Records 'ct follretention sched#les" com*leting CertiBcates of RecorDestr#ction
• -rovide training and g#idance to sta,(fac#lty on *olic*roced#res for *ro*er Records 5anagement
• IdentiBcation of archival records and ens#re transfer archival(historical records to *ro*er archival re*ositor
• Coordinate +ith Jibrary of Virginia on the revision or c
of records series for the Common+ealth or individ#al
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 16/27
IS-RO Org Chart
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 17/27
North Da$ota State University
•
!istory• -osition descri*tion and res*onsibilities
• Re*orting Str#ct#re
• S$ills" ed#cation" certiBcation and talents for• CISO(Director" Records 5anagement
• Re*orts to the Vice -resident for Information Tec
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 18/27
NDSU CISO -osition Descri*tion
•
-rovide leadershi*" g#idance and advocacy for and rela• sec#rity *olicies" *roced#res" and im*lementation&
• IT sec#rity strategic *lanning" *olicies" and *roced#res&
• Develo* and im*lement an ongoing enter*rise)+ide IT sec#rity *lan" +hich +ill incl#de assessment and eval#
• -rovide management" oversight and direction for recor
management& • 5anage" oversee" and *rovide g#idance and direction r
f#nctions of information technology asset managemenactivities incl#ding revie+ing and a**roving soft+are services&
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 19/27
-rovide management" oversightdirection for records manageme• Serve as a leader that facilitates" shares and coordinates information +ith all +ho
+ith records management" i&e&" cam*#s leaders" cam*#s #nit record coordinatorsSystems records management" and the North Da$ota Information Technology Div5anagement *ersonnel&
• 5aintain" revise" #*date" and *#blish as needed *olicies and *roced#res for comand a**ro*riate handling of #niversity records&
• Coordinate retention" *reservation and destr#ction *rocesses and *roced#res forrecords in accordance +ith University *olicies" state and federal la+s&
•
'ssist eneral Co#nsel +ith coordinating e,orts to com*ly and res*ond to any isJitigation !old Notices" *#blic records re%#ests and data breach incidents and inv
• Coordinate ongoing training and ed#cation needs for #nit record coordinators&
• Investigate and re*ort any *otential non)com*liance to the a,ected de*artmentMor vice *resident" the V- of IT and eneral Co#nsel&
• 5anage and s#*ervise records management *rofessional and st#dent sta,
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 20/27
Records 5anagement Iss#es atNDSU
/ormal *roced#re in *lace not managed(enforced dirfrom state government HITD oversight
Res*onsibilities non)e0istent
eneral lac$ of #nderstanding and $no+ledge
/looding(b#ilding colla*se(other
The Jog Cabin Room
/ine 'rts
-ersonnel records in de*artments
Records stored in rented storage loc$ers(garages
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 21/27
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 22/27
-oll ;#estion
• Do yo# have a records management *rogram that incl#des *olicies*roced#res im*lemented and active>
'& <es
=& No
C& !ave *olicies and *roced#res " b#t they are not enforced and *r
-oll:v&com(s*c1234rm or te0t S-C1234R5 to 67827
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 23/27
-oll ;#estion
Records management is sit#ated #nder>'& Information technology
=& =#siness and Bnance
C& Jegal and(or com*liance
D& Jibrary
:& Other
-oll:v&com(s*c1234rm or te0t S-C1234R5 to 67827
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 24/27
-oll ;#estion
•
't yo#r instit#tion" records management incl#deareas and *eo*le
'& Only b#siness
=& =#siness and ed#cation
C& 'll em*loyees +ith the e0ce*tion of fac#lty are re%#com*ly
D& :veryone and all de*artment
-oll:v&com(s*c1234rm or te0t S-C1234R5 to 67827
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 25/27
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 26/27
Records 5anagement Reso#rce
•
'R5' International htt*E((arma&org(• enerally 'cce*ted Record Kee*ing -rinci*alsE htt*E((
+++&arma&org(r1(generally)acce*ted)br)record$ee*ines
• 'II5 ) htt*E((+++&aiim&org(
•
5:R 5anaging :lectronic Records ConferenceEhtt*E((+++&merconference&com(• 5ay 3@)12" 1234 ) Chicago
Information Sec#rity and Reco
8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)
http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 27/27
Than$
o#
"uestions?
• Theresa Semmens Theresa&SemmensPnds#&ed#
• Kathy Kimball
$r$8*Pvirginia&ed#
• Caroline Walters
c+@dePvirginia&ed#
Information Sec#rity and Reco5anagementE
're they a good marriage>